
How to secure your intra-network from external attacks when connected to Internet - Web based configuration of PfSense

Now open your web browser and go to the IP address of the LAN port of PfSense. In our example it's http://192.168.2.1

Enable Secure Shell so that the firewall can also be configured by logging in to the machine remotely from a Linux shell.

We need to install packages on to the base system to get the desired functionality.

The list of available packages is long. We would be installing the Squid and Squidguard packages.

Squid is a proxy server. Select Squid in the available list and click the add package icon on the right.

The package installation would require Internet. The required package file would be downloaded by PfSense.

Once the files are downloaded, the system would install the package.

Similarly Squidguard has to be installed. Squidguard would give us the capability to filter traffic based on its URL.

Go to General parameters and set up the Primary DNS Server as 4.2.2.2

There is an option to configure the LAN and WAN interfaces, if required, using the Web Configuration.

Select Services and then Proxy Server to configure the Squid proxy. Select the proxy interface as LAN. Click on allow users on the interface.

Enter the log directory as /var/squid/logs. This would be required by the report generation package which we would install later. Select a proxy port. This port and the LAN IP of the PfSense would have to be entered into all the machines to route their traffic to PfSense.

To configure Squidguard, go to Services and select Squidguard. By default it would be disabled. We would have to click enable to start the Squidguard service.

Select Blacklist. This would be required for enabling URL filtering.

To check whether the services Squid and Squidguard have started, go to Status and then to Services.

You would notice that the Squidguard service has not started. To start Squidguard a system reboot would be required. Reboot the machine using the Diagnostics.

Go to Status and then to Services. Check the status and verify all the services are running.

Click play to start Squid and then Squidguard

For URL filtering we need to supply a blacklist to the PfSense. This list contains various groups which we can block as per our requirement.

We would be using a free Blacklist from http://www.shallalist.de/Downloads/shallalist.tar.gz

Download and install it. This would take considerable time, so be patient.

Now to achieve the desired URL filtering go to Common ACL in Squidguard.

Expand the Target Rules List. By default it's deny all. Change it to allow all. We intend to block only traffic to certain groups, such as porn sites, while allowing all other traffic. If we did it the other way around, i.e. denying all by default and allowing only traffic to specific groups, we would end up spending a lot of time only configuring rules.

Here I have shown deny porn and allow all configuration. Similarly all groups which you want blocked can be selected as deny.

Notice that the Target rules read !blk_BL_porn all. This implies that, as traffic arrives, the firewall checks whether the URL matches one of those listed for porn sites. If yes, it is blocked. If no, it is allowed.

Select do not allow IP address in URL. If this is not checked, a user can open a site by supplying its IP address in the URL. So even if you have blocked porn sites, a user who enters http://206.161.206.131 can still access www.sexocean.com, thereby defeating the URL filtering.
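The rule evaluation and the IP-address bypass described above, as an added example that is not part of the original tutorial. It is a simplified model of left-to-right, first-match target rules, not Squidguard's own code; the blacklist entries, hostnames and addresses are constructed placeholders, and `in-addr` is the Squidguard keyword for a URL whose host is an IP address.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed stand-in for the blacklist's porn group (placeholder names).
CATEGORIES = {"blk_BL_porn": {"adult-site.example"}}

def is_ip_literal(host):
    """True when the URL host is an IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def in_category(host, domains):
    """A domain list matches the listed name and every subdomain of it."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))

def evaluate(url, target_rules, categories=CATEGORIES):
    """Walk the target rules left to right; the first token that matches
    decides. A leading '!' means deny, no prefix means allow."""
    host = (urlsplit(url).hostname or "").lower()
    for token in target_rules.split():
        deny = token.startswith("!")
        name = token.lstrip("!")
        if name == "all":
            matched = True
        elif name == "in-addr":
            matched = is_ip_literal(host)
        else:
            matched = in_category(host, categories.get(name, set()))
        if matched:
            return "deny" if deny else "allow"
    return "deny"  # nothing matched: fail closed

if __name__ == "__main__":
    weak = "!blk_BL_porn all"             # IP-in-URL option left unchecked
    fixed = "!in-addr !blk_BL_porn all"   # option checked
    for url in ("http://www.adult-site.example/",   # blacklisted name
                "http://203.0.113.10/",             # same site by address
                "http://news.example/"):            # ordinary site
        print(url, evaluate(url, weak), evaluate(url, fixed))
```

The name-based rule alone lets the address form through because an IP literal never matches a domain entry; with `!in-addr` evaluated first, the request is denied before the blacklist is consulted.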

To keep an account of usage in terms of data downloaded, sites accessed etc., we need to identify a particular user. This is only possible if the user supplies some credentials to access the proxy server. Go to Auth Settings and select the local authentication method.

For the local authentication method, we need to create users.
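Why authentication matters for usage accounting, as an added example that is not part of the original tutorial: Squid's native access.log format records the authenticated user name in its eighth field and `-` when no credentials were supplied. The log lines below are constructed samples of what would be written under /var/squid/logs; the user names, hosts and addresses are placeholders.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log format:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1555837800.123    210 192.168.2.50 TCP_MISS/200 48213 GET http://news.example/index.html alice DIRECT/198.51.100.7 text/html
1555837801.456     95 192.168.2.51 TCP_MISS/200 1502311 GET http://files.example/big.iso bob DIRECT/198.51.100.9 application/octet-stream
1555837802.789      3 192.168.2.50 TCP_HIT/200 9120 GET http://news.example/logo.png alice NONE/- image/png
1555837803.001      0 192.168.2.77 TCP_DENIED/407 3980 GET http://news.example/ - NONE/- text/html
1555837804.500    120 192.168.2.50 TCP_TUNNEL/200 7300 CONNECT mail.example:443 alice DIRECT/198.51.100.20 -
truncated line
"""

def parse_line(line):
    """Return a dict for one access.log line, or None if it is malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    try:
        size = int(fields[4])
    except ValueError:
        return None
    url = fields[6]
    # CONNECT requests log "host:port" instead of a full URL.
    host = urlsplit(url).hostname if "://" in url else url.rsplit(":", 1)[0]
    return {"client": fields[2], "result": fields[3], "bytes": size,
            "host": host, "user": fields[7]}

def usage_by_user(log_text):
    """Sum bytes, requests and visited hosts per authenticated user.
    Requests with no user name ('-') cannot be attributed and are counted."""
    totals = defaultdict(lambda: {"bytes": 0, "requests": 0, "hosts": set()})
    unidentified = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["user"] == "-":
            unidentified += 1
            continue
        entry = totals[rec["user"]]
        entry["bytes"] += rec["bytes"]
        entry["requests"] += 1
        entry["hosts"].add(rec["host"])
    return dict(totals), unidentified

if __name__ == "__main__":
    per_user, unknown = usage_by_user(SAMPLE_LOG)
    for user, t in sorted(per_user.items()):
        print(user, t["bytes"], t["requests"], sorted(t["hosts"]))
    print("requests without a user name:", unknown)
```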

Now to generate report of the network usage we will install a package called Lightsquid.

To check the report, go to Status and then to Proxy reports.

Configure the settings. Select the language and reporting scheme as English and Demo respectively.

Lightsquid needs to capture some data before it can generate a report; otherwise it would give an error as under.

The changes required on the user PC are shown using the Mozilla Firefox web browser. Similar settings would be required in Chrome or Internet Explorer.
